second approach #302

AdguardExtension/AdguardPro/tunnel/APIPPacket.h

@@ -49,6 +49,10 @@ ip_hl:4;		/* header length */
 };
 #pragma pack(pop)
 
+
+#define APT_IPV6_FIXED_HEADER_LENGTH            40
+#define APT_IPV4_HEADER_LENGTH                  20
+
 uint32_t checksum_adder(uint32_t sum, void *data, uint32_t len);
 uint16_t checksum_finalize(uint32_t sum);
 

AdguardExtension/AdguardPro/tunnel/APIPPacket.m

@@ -19,8 +19,6 @@
 
 #import "APIPPacket.h"
 
-#define PACKED_STRUCT_DEF struct __attribute__((packed))
-
 @implementation APIPPacket
 
 - (id)init{
@@ -38,6 +36,9 @@ - (id)initWithData:(NSData *)data af:(NSNumber *)af{
 
         _lock = OS_SPINLOCK_INIT;
 
+        _ipHeader = NULL;
+        _ip6Header = NULL;
+
         if(![self parseData:data af:af])
             return nil;
     }
@@ -56,6 +57,9 @@ - (id)initWithAF:(NSNumber *)af protocol:(int)protocol{
 
         _lock = OS_SPINLOCK_INIT;
 
+        _ipHeader = NULL;
+        _ip6Header = NULL;
+
         if(![self createWithAF:af protocol:protocol])
             return nil;
     }
@@ -64,6 +68,11 @@ - (id)initWithAF:(NSNumber *)af protocol:(int)protocol{
 
 }
 
+- (void)dealloc {
+
+    _ip6Header = NULL;
+    _ipHeader = NULL;
+}
 /////////////////////////////////////////////////////////////////////
 #pragma mark Properties and public methods
 
@@ -111,6 +120,8 @@ - (void)setSrcAddress:(NSString *)srcAddress {
     OSSpinLockLock(&_lock);
     int af = [_aFamily intValue];
 
+    [self repareMutable];
+
     void *dest;
     if (af == AF_INET) {
 
@@ -177,13 +188,15 @@ - (void)setPayload:(NSData *)payload{
     if (af == AF_INET) {
 
 
+        _ipHeader = (struct iphdr *)_ipMPacket.mutableBytes;
         _ipHeader->ip_len = htons(_ipMPacket.length);
 
         [self checksumIPv4];
 
     } else if (af == AF_INET6) {
 
-        _ip6Header->ip6_plen = htons(_ipMPacket.length);
+        _ip6Header = (struct ip6_hdr *)_ipMPacket.mutableBytes;
+        _ip6Header->ip6_plen = htons(_ipMPacket.length - APT_IPV6_FIXED_HEADER_LENGTH);
     }
     OSSpinLockUnlock(&_lock);
 
@@ -197,8 +210,12 @@ - (void)repareMutable{
         _ipMPacket = [_ipPacket mutableCopy];
         _ipPacket = nil;
 
-        _ipHeader = (struct iphdr *)_ipMPacket.mutableBytes;
-        _ip6Header = (struct ip6_hdr *)_ipMPacket.mutableBytes;
+        if (_aFamily.intValue == AF_INET) {
+            _ipHeader = (struct iphdr *)_ipMPacket.mutableBytes;
+        }
+        else { // AF_INET6
+            _ip6Header = (struct ip6_hdr *)_ipMPacket.mutableBytes;
+        }
     }
 }
 
@@ -234,9 +251,9 @@ - (BOOL)parseData:(NSData *)data af:(NSNumber *)af{
         _ip6Header = (struct ip6_hdr *)_ipPacket.bytes;
 
         u_int8_t next = _ip6Header->ip6_nxt;
-        struct ip6_ext *extTest = (struct ip6_ext *)(_ip6Header + sizeof(_ip6Header));
+        struct ip6_ext *extTest = (struct ip6_ext *)((void *)_ip6Header + APT_IPV6_FIXED_HEADER_LENGTH);
         u_int64_t extLen = 0;
-        for (u_int8_t i = 8; i > 0; i--) {
+        for (int i = 10; i > 0; i--) {
 
             switch (next) {
                 case IPPROTO_HOPOPTS:
@@ -267,6 +284,10 @@ - (BOOL)parseData:(NSData *)data af:(NSNumber *)af{
 #endif
         char addr[INET6_ADDRSTRLEN];
 
+        // Note that routing header extention is ignored!
+        // And destionation address may be wrong.
+        // https://tools.ietf.org/html/rfc2460#section-4.4
+
         if (inet_ntop(AF_INET6, &(_ip6Header->ip6_dst),
                       addr, INET6_ADDRSTRLEN) == NULL) {
             return NO;
@@ -288,13 +309,14 @@ - (BOOL)parseData:(NSData *)data af:(NSNumber *)af{
 - (BOOL)createWithAF:(NSNumber *)af protocol:(int)protocol{
 
     _aFamily = af;
+    _protocol = protocol;
 
     int aFamily = [af intValue];
 
     if (aFamily == AF_INET) {
 
-        _ipMPacket = [NSMutableData dataWithLength:20];
-        _ipHeaderLength = 20;
+        _ipMPacket = [NSMutableData dataWithLength:APT_IPV4_HEADER_LENGTH];
+        _ipHeaderLength = APT_IPV4_HEADER_LENGTH;
         _ipHeader = (struct iphdr *)_ipMPacket.mutableBytes;
 
         _ipHeader->ip_v = IPVERSION;
@@ -315,17 +337,17 @@ - (BOOL)createWithAF:(NSNumber *)af protocol:(int)protocol{
     }
     else if (aFamily == AF_INET6){
 
-        _ipMPacket = [NSMutableData dataWithLength:40];
-        _ipHeaderLength = 40;
+        _ipMPacket = [NSMutableData dataWithLength:APT_IPV6_FIXED_HEADER_LENGTH];
+        _ipHeaderLength = APT_IPV6_FIXED_HEADER_LENGTH;
         _ip6Header = (struct ip6_hdr *)_ipMPacket.mutableBytes;
 
         _ip6Header->ip6_vfc = IPV6_VERSION;
 
 #if DEBUG
         _ipId = @"0";
 #endif
-        _ip6Header->ip6_plen = htons(_ipHeaderLength);
-        _ip6Header->ip6_hops = 0xff;
+        _ip6Header->ip6_plen = 0;
+        _ip6Header->ip6_hops = 64;
         _ip6Header->ip6_nxt = protocol;
 
         return YES;

AdguardExtension/AdguardPro/tunnel/APTUdpProxySession.m

@@ -287,12 +287,10 @@ - (void)setSessionReaders:(NWUDPSession *)session {
 
         NSMutableArray *protocols = [NSMutableArray new];
 
-        //TODO: ONLY IPv4 is supported
-
         NSArray *ipPackets = [sSelf ipPacketsWithDatagrams:datagrams];
         for (int i = 0; i < ipPackets.count; i++) {
 
-            [protocols addObject:@(AF_INET)];
+            [protocols addObject:_basePacket.aFamily];
         }
 
         //write data from remote endpoint into local TUN interface
@@ -613,12 +611,10 @@ - (void)sendBackBlacklistDnsDatagrams:(NSArray <APDnsDatagram *> *)dnsDatagrams
 
     NSMutableArray *protocols = [NSMutableArray new];
 
-    //TODO: ONLY IPv4 is supported
-
     NSArray *ipPackets = [self ipPacketsWithDatagrams:datagrams];
     for (int i = 0; i < ipPackets.count; i++) {
 
-        [protocols addObject:@(AF_INET)];
+        [protocols addObject:_basePacket.aFamily];
     }
 
     //write data from remote endpoint into local TUN interface